SR-D37415 · Issue 508967
Parameter page update added to improve backwards compatibility for ShowTestLibraryTab
Resolved in Pega Version 8.2.4
An error was observed on the first attempt to modify the 'when' rule "ShowTestLibraryTab" located in PegaProjectMgmt:08-01-01. Analysis showed the when rule (Always, Never) which was called from this rule was not found, which was an issue traced to the Rule-Obj-When function alias parameter name being changed from "strWhen" to "blockName" in the 8.1 release. Subsequent attempts to save the modified rule succeeded due to step#7 in the Embed-UserFunction.pzPopulateDropdownFBUIParameters activity upgrading the pyParameters page with the latest data. To resolve this backwards compatibility issue, the activity step#6 has been modified to upgrade the parameter name for the Rule-Obj-When function alias.
INC-174468 · Issue 650946
Delegated rules search considers localized text
Resolved in Pega Version 8.7
The search / filter box used to look for particular delegated rules on the configuration tab did not consider localization via field values, where the on screen name and description of the delegated rule was localized. This resulted in the search text being compared against the original text (.pyAdviceText and .pyDescription) used for the name and description at the time the rule was delegated, but not with the localized text that actually appeared on the screen. This has been resolved by updating the pzPopulateDelegations activity to filter by localized values of pyAdviceText and pyDescription.
SR-A6666 · Issue 215202
Corrected handling of transient page list item
Resolved in Pega Version 7.2
When the "Do not save property data" option was checked, saving work data without clearing the page list properties caused an .IndexOutOfBoundsException error when attempting to reopen the same work object. This was an error in the handling of the transient page list item, and has been corrected.
SR-D38053 · Issue 508225
Upcase case shape will fall back to pyWorkCover if multiple pages are present
Resolved in Pega Version 8.2.4
In the Update a Case shape, selecting "A Single Case" and providing .pxCoveredInsKeys(1) for the With ID field worked as expected, but using the same data transform and selecting either "All child cases and descendants" or a specific child case resulted in no update on the children. This was traced to the findPageByHandle API not returning the most appropriate page, which created an issue whenever multiple pages were present in the clipboard. To correct this, the system has been updated to use pyWorkCover if present.
SR-A10527 · Issue 221023
Issue with unwanted additional PageList property row corrected
Resolved in Pega Version 7.2
An empty row was being created on a page list property used in a work-item due to a logic issue with the TrackSecurityChangesLogic activity. This has been corrected.
SR-A10527 · Issue 221549
Issue with unwanted additional PageList property row corrected
Resolved in Pega Version 7.2
An empty row was being created on a page list property used in a work-item due to a logic issue with the TrackSecurityChangesLogic activity. This has been corrected.
SR-A2768 · Issue 207926
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A6195 · Issue 213843
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A2768 · Issue 194111
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A2361 · Issue 214536
XSS fix updated for IAC with CSRF tokens
Resolved in Pega Version 7.2
After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.